author | Patrick J Cherry <patrick@bytemark.co.uk> | 2012-04-21 10:46:37 +0100 |
---|---|---|
committer | Patrick J Cherry <patrick@bytemark.co.uk> | 2012-04-21 10:46:37 +0100 |
commit | 392a87cfa181a762bf4b3244aa3c6d065ef15253 (patch) | |
tree | 468cb0de2a7554701ae17cc03e01c213bd5676c9 | |
parent | 89c47f0aa9acaf5ed9b361e4e9efbbd7e3da8efc (diff) |
Added SSL cert verification for Bytemark Authentication. Also tidied away error
messages generated during login tests in the web_interface.
-rw-r--r-- | lib/mauve/authentication.rb | 23 | ||||
-rw-r--r-- | test/tc_mauve_web_interface.rb | 6 |
2 files changed, 25 insertions, 4 deletions
diff --git a/lib/mauve/authentication.rb b/lib/mauve/authentication.rb
index 54743f1..0fc6823 100644
--- a/lib/mauve/authentication.rb
+++ b/lib/mauve/authentication.rb
@@ -3,6 +3,11 @@ require 'sha1'
 require 'xmlrpc/client'
 require 'timeout'
+#
+# This allows poking of the SSL attributes of the http client.
+#
+module XMLRPC ; class Client ; attr_reader :http ; end ; end
+
 module Mauve
 #
@@ -131,15 +136,25 @@ module Mauve
 def authenticate(login, password)
 super
- client = XMLRPC::Client.new(@srv,"/",@port,nil,nil,nil,nil,true,@timeout).proxy("bytemark.auth")
+ client = XMLRPC::Client.new(@srv,"/",@port,nil,nil,nil,nil,true,@timeout)
+
+ #
+ # Make sure we verify our peer before attempting login.
+ #
+ if client.http.use_ssl?
+ client.http.ca_path = "/etc/ssl/certs/"
+ client.http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ end
 begin
- challenge = client.getChallengeForUser(login)
+ proxy = client.proxy("bytemark.auth")
+ challenge = proxy.getChallengeForUser(login)
 response = Digest::SHA1.new.update(challenge).update(password).hexdigest
- client.login(login, response)
+ proxy.login(login, response)
 return true
 rescue XMLRPC::FaultException => fault
- logger.warn "#{self.class} for #{login} failed: #{fault.faultCode}: #{fault.faultString}"
+ logger.warn "#{self.class} for #{login} failed"
+ logger.debug "#{fault.faultCode}: #{fault.faultString}"
 return false
 rescue IOError => ex
 logger.warn "#{ex.class} during auth for #{login} (#{ex.to_s})"
diff --git a/test/tc_mauve_web_interface.rb b/test/tc_mauve_web_interface.rb
index a120c37..69828e9 100644
--- a/test/tc_mauve_web_interface.rb
+++ b/test/tc_mauve_web_interface.rb
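Review bot: The reopened `XMLRPC::Client` at the top of the file adds an `http` reader to every client in the process, and its comment does not say which internal state it relies on. The reader only works while the library keeps its Net::HTTP object in `@http`; if that ever changes, `client.http` returns nil and the `use_ssl?` call in `authenticate` raises NoMethodError. I would extend the comment to `# Relies on XMLRPC::Client keeping its Net::HTTP object in @http; authenticate needs it to set ca_path and verify_mode.` and define the reader only when the library does not already provide one, `attr_reader :http unless method_defined?(:http)`.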
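Review bot: A certificate rejected under the new `VERIFY_PEER` setting raises `OpenSSL::SSL::SSLError`, which neither rescue clause visible in this hunk (`XMLRPC::FaultException`, `IOError`) matches. The rescue chain of `authenticate` continues outside the hunk, so this may already be handled; if it is not, the error propagates to the caller instead of being logged and turned into `false`. Adding `rescue OpenSSL::SSL::SSLError => ex` with `logger.warn "#{ex.class} during auth for #{login} (#{ex.to_s})"` and `return false` keeps the failure closed and puts a rejected certificate in the log at warn level, where an interception attempt would be noticed. The hard-coded `ca_path = "/etc/ssl/certs/"` presumably assumes a hashed CA directory at that path, which deserves a one-line comment next to it.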
@@ -150,6 +150,12 @@ EOF
 assert(last_response.body.include?("Mauve: Login"))
 assert(session['__FLASH__'].has_key?(:error),"The flash error wasn't set")
+ #
+ # This last login attempt produces two warning messages (one for each auth
+ # type), so pop them both off the logger.
+ #
+ logger_pop ; logger_pop
+
 post '/login', :username => 'test1', :password => 'ummVRu7qF'
 follow_redirect! while last_response.redirect?
 assert last_response.body.include?('Mauve: ') |
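Review bot: The two bare `logger_pop` calls throw away whatever is on top of the logger without looking at it, and the count of two is tied to the number of auth types configured for this test. If `logger_pop` returns the popped message (its definition is outside this hunk), checking it, for example `2.times { assert_not_nil logger_pop }`, would make the test fail when a backend stops logging a rejected login rather than silently popping some other message. The enclosing test method starts and ends outside the hunk.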